Updated March 2018
While most law firms will not be required to appoint a data protection officer (DPO) under the GDPR, we recommend that practices consider voluntary designation.
The DPO should be someone with appropriate expertise and resources to lead on GDPR compliance.
Download our guidance for law firms on the appointment of a Data Protection Officer (DPO) (PDF 425kb).
Download our decision-making flowchart on the appointment of a Data Protection Officer (DPO) (PDF 82kb).
This is a work in progress on which we would welcome comments.
Email us to give feedback.